


CISCO- 1935 



CLAIMS 






What is claimed is: 






1. In a firewall device having a plurality of communication interfaces, a firewall 
system comprising: 

a) a firewall core connected to each said communication interface; and 

b) at least one inspection module coupled for communication to said 
firewall core, said inspection module configured to provide protocol 
inspection of data packets to said firewall core, said firewall core 
configured to receive data packets from said interfaces and 
communicate said packets to said inspection module for inspection, said 
inspection module is further configured to be installed during the 
operation of the firewall system. 



2. The firewall system of claim 1, wherein said inspection module is installed into a 
memory space monitored by said firewall core. 



3. The firewall system of claim 1, wherein said inspection module further 
comprises callback functions, said functions communicated to said firewall core 
and providing communication between said firewall core and said inspection 
module. 

4. The firewall system of claim 1, wherein said inspection module is further 
configured to indicate to said firewall core for which data packets said inspection 
module is configured to provide inspection. 



5. The firewall system of claim 1, wherein said data packets intercepted by said 
firewall core further includes session information comprising address and port 
data, said firewall core further configured to map said session information to 
corresponding inspection modules. 



6. In a firewall device having a plurality of communication interfaces, a firewall 
core configured to be coupled to at least one inspection module, said firewall core 
comprising: 

a) a communication unit operatively coupled to the communication 
interfaces; and 

b) a set of callback functions, retrieved from said inspection module, each 
said function providing communication between said firewall core and 
said inspection module. 



7. The firewall core of claim 6, wherein said communication unit is further 
configured to intercept network data communicated via said network interfaces. 



8. The firewall core of claim 7, further comprising a session mapping unit, said data 
packets intercepted by said firewall core further including session information 
comprising address and port data, said firewall core further configured to map said 
session information to corresponding inspection modules into a session mapping 
and store said session mapping into said session mapping unit. 



9. The firewall core of claim 6, wherein said communication unit is further 
configured to communicate packets between said communication interfaces and 
said inspection module for inspection. 

10. In a firewall device having a plurality of communication interfaces and a 
firewall core coupled to the communication interfaces, an inspection module 
configured to couple with the firewall core, said inspection module comprising: 

a) an inspection unit configured to inspect and authorize data packets; 
and 

b) a function table having a set of callback functions each said function 
providing communication between said firewall core and said 
inspection module. 



11. The inspection module of claim 10, wherein said inspection unit is further 
configured to be installed during the operation of the firewall core. 



12. The firewall system of claim 10, wherein said inspection module is installed into 
a memory space monitored by said firewall core. 

13. The firewall system of claim 1, wherein said inspection module is further 
configured to indicate to said firewall core for which data packets said inspection 
module is configured to provide inspection. 

14. The inspection module of claim 10, wherein said inspection unit is further 
configured to receive and inspect packets communicated from the firewall core. 

15. In a firewall device having a firewall system including a firewall core, a 
method for adding protocol knowledge to the firewall system during runtime 
comprising: 

a) loading an inspection module comprising new protocol inspection 
knowledge and a function table having a set of callback functions; 

b) notifying the firewall core of said inspection module; and 

c) communicating said set of callback functions to said firewall core. 

16. The method of claim 15, further comprising enabling said inspection module, 
prior to communicating said set of callback function to said firewall core. 

17. The method of claim 15 further comprising inspecting of packets by said 
inspection module, said packets communicated from the firewall core to said 
inspection module. 



18. The method of claim 15 wherein said notifying the firewall core comprises 
loading said inspection module into a memory space monitored by the firewall 
core. 

19. The method of claim 15 wherein said notifying the firewall core comprises 
transmitting a signal to the firewall core to indicate the installation of said 
inspection module. 



20. The method of claim 15, further comprising indicating by said inspection 
module for which data packets said inspection module provides inspection. 



21. A program storage device readable by a machine, tangibly embodying a 
program of instructions executable by the machine to perform a method for 
adding protocol knowledge to a firewall system during runtime comprising, said 
firewall system including a firewall core, said method comprising: 

a) loading an inspection module comprising new protocol inspection 
knowledge and a function table having a set of callback functions; 

b) notifying the firewall core of said inspection module; and 

c) communicating said set of callback functions to said firewall core. 



22. The program storage device of claim 21, said method further comprising 
enabling said inspection module, prior to communicating said set of callback 
function to said firewall core. 

23. The program storage device of claim 21, said method further comprising 
inspecting of packets by said inspection module, said packets communicated from 
the firewall core to said inspection module. 

24. The program storage device of claim 21, wherein said notifying the firewall 
core comprises loading said inspection module into a memory space monitored by 
the firewall core. 

25. The program storage device of claim 21, wherein said notifying the firewall 
core comprises transmitting a signal to the firewall core to indicate the loading of 
said inspection module. 

26. The program storage device of claim 21, said method further comprising 
indicating by said inspection module for which data packets said inspection 
module provides inspection. 
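
As an added illustration (not part of the patent text and not Cisco code), the C sketch below walks through the method of claims 15 to 20: a module's function table of callbacks is registered with a running core, the module indicates which packets it inspects, and the core maps session address and port data to that module. All type and function names, the port-21 toy check, and the deny-by-default result for unclaimed packets are assumptions of this sketch.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* All names here are hypothetical; this sketches the claimed core/module split. */
typedef struct { uint32_t src, dst; uint16_t sport, dport;
                 const uint8_t *data; size_t len; } packet_t;

/* Function table of callbacks the module hands to the core (claims 3, 10, 15). */
typedef struct {
    const char *name;
    int (*wants)(const packet_t *);   /* which packets it inspects (claims 4, 20) */
    int (*inspect)(const packet_t *); /* 1 = authorize, 0 = reject */
} inspect_ops_t;

#define MAX_MODS 8
#define MAX_SESS 64
typedef struct { uint32_t src, dst; uint16_t sport, dport; const inspect_ops_t *ops; } session_t;
static const inspect_ops_t *mods[MAX_MODS];
static size_t nmods, nsess;
static session_t sess[MAX_SESS];

/* Steps b) and c): notify the running core and communicate the callbacks. */
int core_register(const inspect_ops_t *ops) {
    if (!ops || !ops->wants || !ops->inspect || nmods == MAX_MODS) return -1;
    mods[nmods++] = ops;
    return 0;
}

/* Map session information (address, port) to a module (claims 5, 8), then dispatch. */
int core_handle(const packet_t *p) {
    for (size_t i = 0; i < nsess; i++)
        if (sess[i].src == p->src && sess[i].dst == p->dst &&
            sess[i].sport == p->sport && sess[i].dport == p->dport)
            return sess[i].ops->inspect(p);
    for (size_t i = 0; i < nmods; i++)
        if (mods[i]->wants(p)) {
            if (nsess < MAX_SESS)
                sess[nsess++] = (session_t){p->src, p->dst, p->sport, p->dport, mods[i]};
            return mods[i]->inspect(p);
        }
    return 0; /* no module claims the packet: deny (a choice made by this sketch) */
}

/* Constructed example module: a toy check on port 21 that rejects "SITE". */
static int ftp_wants(const packet_t *p) { return p->dport == 21; }
static int ftp_inspect(const packet_t *p) {
    return p->len >= 4 && memcmp(p->data, "SITE", 4) != 0;
}
const inspect_ops_t ftp_module = { "ftp", ftp_wants, ftp_inspect };
```

Calling `core_register(&ftp_module)` while `core_handle` is already processing traffic corresponds to installing the module during operation; the first matching packet creates the session mapping and later packets of that session go straight to the mapped module.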